The automation of an increasingly large number of software engineering tasks is becoming possible thanks to Machine Learning (ML). One foundational building block in the application of ML to software artifacts is the representation of these artifacts (e.g., source code or executable code) into a form that is suitable for learning. Many studies have leveraged representation learning, delegating to ML itself the job of automatically devising suitable representations. Yet, in the context of Android problems, existing models are either limited to coarse-grained whole-app level (e.g., apk2vec) or conducted for one specific downstream task (e.g., smali2vec). Our work is part of a new line of research that investigates effective, task-agnostic, and fine-grained universal representations of bytecode to mitigate both of these two limitations. Such representations aim to capture information relevant to various low-level downstream tasks (e.g., at the class-level). We are inspired by the field of Natural Language Processing, where the problem of universal representation was addressed by building Universal Language Models, such as BERT, whose goal is to capture abstract semantic information about sentences, in a way that is reusable for a variety of tasks. We propose DexBERT, a BERT-like Language Model dedicated to representing chunks of DEX bytecode, the main binary format used in Android applications. We empirically assess whether DexBERT is able to model the DEX language and evaluate the suitability of our model in two distinct class-level software engineering tasks: Malicious Code Localization and Defect Prediction. We also experiment with strategies to deal with the problem of catering to apps having vastly different sizes, and we demonstrate one example of using our technique to investigate what information is relevant to a given task.
translated by 谷歌翻译
恶意软件检测在网络安全中起着至关重要的作用,随着恶意软件增长的增加和网络攻击的进步。以前看不见的恶意软件不是由安全供应商确定的,这些恶意软件通常在这些攻击中使用,并且不可避免地要找到可以从未标记的样本数据中自学习的解决方案。本文介绍了Sherlock,这是一种基于自学的深度学习模型,可根据视觉变压器(VIT)体系结构检测恶意软件。 Sherlock是一种新颖的恶意软件检测方法,它可以通过使用基于图像的二进制表示形式来学习独特的功能,以区分恶意软件和良性程序。在47种类型和696个家庭的层次结构中使用120万个Android应用的实验结果表明,自我监督的学习可以达到97%的恶意软件分类,而恶意软件的二进制分类比现有的最新技术更高。我们提出的模型还能够胜过针对多级恶意软件类型和家庭的最先进技术,分别为.497和.491。
translated by 谷歌翻译
Machine Learning for Source Code (ML4Code) is an active research field in which extensive experimentation is needed to discover how to best use source code's richly structured information. With this in mind, we introduce JEMMA, an Extensible Java Dataset for ML4Code Applications, which is a large-scale, diverse, and high-quality dataset targeted at ML4Code. Our goal with JEMMA is to lower the barrier to entry in ML4Code by providing the building blocks to experiment with source code models and tasks. JEMMA comes with a considerable amount of pre-processed information such as metadata, representations (e.g., code tokens, ASTs, graphs), and several properties (e.g., metrics, static analysis results) for 50,000 Java projects from the 50KC dataset, with over 1.2 million classes and over 8 million methods. JEMMA is also extensible allowing users to add new properties and representations to the dataset, and evaluate tasks on them. Thus, JEMMA becomes a workbench that researchers can use to experiment with novel representations and tasks operating on source code. To demonstrate the utility of the dataset, we also report results from two empirical studies on our data, ultimately showing that significant work lies ahead in the design of context-aware source code models that can reason over a broader network of source code entities in a software project, the very task that JEMMA is designed to help with.
translated by 谷歌翻译
恶意应用程序(尤其是针对Android平台的应用程序)对开发人员和最终用户构成了严重威胁。许多研究工作都致力于开发有效的方法来防御Android恶意软件。但是,鉴于Android恶意软件的爆炸性增长以及恶意逃避技术(如混淆和反思)的持续发展,基于手动规则或传统机器学习的Android恶意软件防御方法可能无效。近年来,具有强大功能抽象能力的主要研究领域称为“深度学习”(DL),在各个领域表现出了令人信服和有希望的表现,例如自然语言处理和计算机视觉。为此,采用深度学习技术来阻止Android恶意软件攻击,最近引起了广泛的研究关注。然而,没有系统的文献综述着重于针对Android恶意软件防御的深度学习方法。在本文中,我们进行了系统的文献综述,以搜索和分析在Android环境中恶意软件防御的背景下采用了如何应用的。结果,确定了涵盖2014 - 2021年期间的132项研究。我们的调查表明,尽管大多数这些来源主要考虑基于Android恶意软件检测的基于DL,但基于其他方案的53项主要研究(40.1%)设计防御方法。这篇综述还讨论了基于DL的Android恶意软件防御措施中的研究趋势,研究重点,挑战和未来的研究方向。
translated by 谷歌翻译
恶意软件系列的分类对于全面了解他们如何感染设备,计算机或系统的全面了解至关重要。因此,恶意软件识别使安全研究人员和事件响应者能够采取防止恶意软件的预防措施并加速缓解。由于这些序列代表恶意软件的行为,恶意软件由恶意软件制作的API呼叫序列是广泛利用的机器和深度学习模型的特征。但是,传统的机器和深度学习模型仍然无法捕获API呼叫之间的序列关系。另一方面,基于变压器的模型作为整体过程序列,并且由于多针注意机制和位置嵌入而学习API调用之间的关系。我们的实验表明,具有一个变压器块层的变压器模型超越了广泛使用的基础架构,LSTM。此外,伯特或犬,预先训练的变压器模型,在根据评估指标,F1分数和AUC分数分类高度不平衡恶意软件系列方面表现优于分类高度不平衡的恶意软件系列。此外,拟议的基于袋的随机变压器森林(RTF),伯特或犬的集合,已经达到了四个数据集中的三个,特别是最先进的F1 - 在一个常用的基准数据集中得分为0.6149。
translated by 谷歌翻译
二进制代码分析的最新趋势促进了基于教学嵌入模型的神经解决方案的使用。指令嵌入模型是一个神经网络,将汇编指令序列转换为嵌入向量。如果对嵌入式网络进行了训练,从而使从代码到向量的翻译部分保留了语义,则该网络有效地代表了汇编代码模型。在本文中,我们介绍了Binbert,这是一种新颖的装配代码模型。 Binbert建立在汇编指令序列和符号执行信息的庞大数据集中的预训练的变压器上。 Binbert可以应用于汇编指令序列,并且可以微调,即可以作为任务特定数据的神经体系结构的一部分进行重新训练。通过微调,Binbert学会了如何将获得预培训获得的通用知识应用于特定任务。我们根据多任务基准评估了Binbert,我们专门设计了用于测试组装代码的理解。基准是由几个任务组成的,其中一些是从文献中获得的,以及我们设计的一些新颖任务,并结合了内在和下游任务。我们的结果表明,Binbert优于二进制指令嵌入的最先进模型,提高了二进制代码理解的标准。
translated by 谷歌翻译
Binary code similarity detection (BCSD) is widely used in various binary analysis tasks such as vulnerability search, malware detection, clone detection, and patch analysis. Recent studies have shown that the learning-based binary code embedding models perform better than the traditional feature-based approaches. In this paper, we proposed a novel transformer-based binary code embedding model, named UniASM, to learn representations of the binary functions. We designed two new training tasks to make the spatial distribution of the generated vectors more uniform, which can be used directly in BCSD without any fine-tuning. In addition, we proposed a new tokenization approach for binary functions, increasing the token's semantic information while mitigating the out-of-vocabulary (OOV) problem. The experimental results show that UniASM outperforms state-of-the-art (SOTA) approaches on the evaluation dataset. We achieved the average scores of recall@1 on cross-compilers, cross-optimization-levels and cross-obfuscations are 0.72, 0.63, and 0.77, which is higher than existing SOTA baselines. In a real-world task of known vulnerability searching, UniASM outperforms all the current baselines.
translated by 谷歌翻译
深学习方法,已经在诸如图像分类和自然语言处理领域中的成功应用,最近被应用到源代码分析过,由于免费提供源代码(例如,从开源软件库)的巨大数额。在这项工作中,我们阐述在国家的最先进的方法来使用有关其句法结构信息的源代码表示,我们适应它代表源的变化(即,提交)。我们使用这种表示安全相关的分类提交。因为我们的方法是使用迁移学习(也就是我们训练的一个“借口任务”是可用的丰富的标签数据的网络,然后我们使用这样的网络提交分类的目标任务,为此,少标记实例可用)我们研究了前培训使用两种不同的借口任务与随机初始化模型的网络的影响。我们的研究结果表明,通过利用代码语法跑赢基于令牌的表示得到的结构信息表示。此外,具有非常大的数据集上的松散的相关任务借口训练前时所获得的性能度量($> 10 ^ 6个$样品)上的更小的数据集训练前当超过($> 10 ^ 4 $样品)但对于一个借口任务更密切相关的目标任务。
translated by 谷歌翻译
源代码(MLONCODE)上的机器学习有望改变软件的交付方式。通过挖掘软件伪像之间的上下文和关系,mloncode通过代码自动生成,代码建议,代码自动标记和其他数据驱动的增强功能增强了软件开发人员的功能。对于许多任务中,代码的脚本级别表示足够,但是,在许多情况下,要考虑各种依赖关系和存储库结构的存储库级表示,例如,自动标记存储库具有主题或自动记录的存储库。代码等,用于计算存储库级表示的现有方法受(a)依赖代码的自然语言文档(例如,读书文件)(b)方法/脚本级表示的天真聚集,例如,通过串联或平均值。本文介绍了一个深度神经网络,该网络可直接从源代码中生成可公开可用的GitHub代码存储库的存储库嵌入。主题结合了一种注意机制,该机制将源代码,完整依赖关系图和脚本级别的文本信息投射到密集的存储库级表示中。为了计算存储库级别的表示,局部训练可以预测与存储库相关的主题,该主题是在公开可用的GitHub存储库数据集中,这些存储库与他们的地面真相主题标签一起爬行。我们的实验表明,局部计算的嵌入能够胜过多个基线,包括通过在存储库自动标记的任务下平均或串联来天真地结合方法级表示的基线。
translated by 谷歌翻译
基于变压器的大型语言模型在自然语言处理中表现出色。通过考虑这些模型在一个领域中获得的知识的可传递性,以及自然语言与高级编程语言(例如C/C ++)的亲密关系,这项工作研究了如何利用(大)基于变压器语言模型检测软件漏洞以及这些模型在漏洞检测任务方面的良好程度。在这方面,首先提出了一个系统的(凝聚)框架,详细介绍了源代码翻译,模型准备和推理。然后,使用具有多个漏洞的C/C ++源代码的软件漏洞数据集进行经验分析,该数据集对应于库功能调用,指针使用,数组使用情况和算术表达式。我们的经验结果证明了语言模型在脆弱性检测中的良好性能。此外,这些语言模型具有比当代模型更好的性能指标,例如F1得分,即双向长期记忆和双向封闭式复发单元。由于计算资源,平台,库和依赖项的要求,对语言模型进行实验始终是具有挑战性的。因此,本文还分析了流行的平台,以有效地微调这些模型并在选择平台时提出建议。
translated by 谷歌翻译
Code completion aims to help improve developers' productivity by suggesting the next code tokens from a given context. Various approaches have been proposed to incorporate abstract syntax tree (AST) information for model training, ensuring that code completion is aware of the syntax of the programming languages. However, existing syntax-aware code completion approaches are not on-the-fly, as we found that for every two-thirds of characters that developers type, AST fails to be extracted because it requires the syntactically correct source code, limiting its practicality in real-world scenarios. On the other hand, existing on-the-fly code completion does not consider syntactic information yet. In this paper, we propose PyCoder to leverage token types, a kind of lightweight syntactic information, which is readily available and aligns with the natural order of source code. Our PyCoder is trained in a multi-task training manner so that by learning the supporting task of predicting token types during the training phase, the models achieve better performance on predicting tokens and lines of code without the need for token types in the inference phase. Comprehensive experiments show that PyCoder achieves the first rank on the CodeXGLUE leaderboard with an accuracy of 77.12% for the token-level predictions, which is 0.43%-24.25% more accurate than baselines. In addition, PyCoder achieves an exact match of 43.37% for the line-level predictions, which is 3.63%-84.73% more accurate than baselines. These results lead us to conclude that token type information (an alternative to syntactic information) that is rarely used in the past can greatly improve the performance of code completion approaches, without requiring the syntactically correct source code like AST-based approaches do. Our PyCoder is publicly available on HuggingFace.
translated by 谷歌翻译
Pre-trained language models for programming languages have shown a powerful ability on processing many Software Engineering (SE) tasks, e.g., program synthesis, code completion, and code search. However, it remains to be seen what is behind their success. Recent studies have examined how pre-trained models can effectively learn syntax information based on Abstract Syntax Trees. In this paper, we figure out what role the self-attention mechanism plays in understanding code syntax and semantics based on AST and static analysis. We focus on a well-known representative code model, CodeBERT, and study how it can learn code syntax and semantics by the self-attention mechanism and Masked Language Modelling (MLM) at the token level. We propose a group of probing tasks to analyze CodeBERT. Based on AST and static analysis, we establish the relationships among the code tokens. First, Our results show that CodeBERT can acquire syntax and semantics knowledge through self-attention and MLM. Second, we demonstrate that the self-attention mechanism pays more attention to dependence-relationship tokens than to other tokens. Different attention heads play different roles in learning code semantics; we show that some of them are weak at encoding code semantics. Different layers have different competencies to represent different code properties. Deep CodeBERT layers can encode the semantic information that requires some complex inference in the code context. More importantly, we show that our analysis is helpful and leverage our conclusions to improve CodeBERT. We show an alternative approach for pre-training models, which makes fully use of the current pre-training strategy, i.e, MLM, to learn code syntax and semantics, instead of combining features from different code data formats, e.g., data-flow, running-time states, and program outputs.
translated by 谷歌翻译
We introduce a new language representation model called BERT, which stands for Bidirectional Encoder Representations from Transformers. Unlike recent language representation models (Peters et al., 2018a;Radford et al., 2018), BERT is designed to pretrain deep bidirectional representations from unlabeled text by jointly conditioning on both left and right context in all layers. As a result, the pre-trained BERT model can be finetuned with just one additional output layer to create state-of-the-art models for a wide range of tasks, such as question answering and language inference, without substantial taskspecific architecture modifications.BERT is conceptually simple and empirically powerful. It obtains new state-of-the-art results on eleven natural language processing tasks, including pushing the GLUE score to 80.5% (7.7% point absolute improvement), MultiNLI accuracy to 86.7% (4.6% absolute improvement), SQuAD v1.1 question answering Test F1 to 93.2 (1.5 point absolute improvement) and SQuAD v2.0 Test F1 to 83.1 (5.1 point absolute improvement).
translated by 谷歌翻译
在源代码中自动定位易受攻击的陈述至关重要,以确保软件安全性和缓解开发人员的调试工作。这在当今软件生态系统中变得更加重要,其中易受攻击的代码可以在像GitHub这样的软件存储库中轻松且无意中流动。在这类数百万的代码行中,传统的静态和动态方法争取缩放。虽然基于机器学习的方法在这样的设置中看起来很有希望,但大多数工作都在较高的粒度下检测到脆弱的代码 - 在方法或文件级别。因此,开发人员仍然需要检查大量代码以找到需要修复的弱势陈述。本文提出了一种新的集合学习方法来定位脆弱的陈述。我们的模型结合了基于图形的基于序列的神经网络,以成功捕获程序图的本地和全局上下文,并有效地了解代码语义和易受攻击的模式。为了研究天鹅绒的效果,我们使用了一个现成的合成数据集和最近发布的现实世界数据集。在静态分析设置中,未提前检测到易受攻击功能,Velvet可以实现4.5倍的性能,而不是真实世界数据上的基线静态分析仪。对于孤立的漏洞本地化任务,在我们假设特定漏洞声明未知的同时知道函数的漏洞,我们将天鹅绒与几个神经网络进行比较,这些内部网络也参加了本地和全局代码背景。天鹅绒分别达到99.6%和43.6%的13.6%,分别在合成数据和现实世界数据上实现了高精度,优于基线深度学习模型5.3-29.0%。
translated by 谷歌翻译
大多数自动化软件测试任务可以从测试用例的抽象表示中受益。传统上,这是通过基于测试案例的代码覆盖范围来完成的。规范级别的标准可以替换代码覆盖范围以更好地表示测试用例的行为,但通常不具有成本效益。在本文中,我们假设测试用例的执行痕迹可以使其在自动测试任务中抽象其行为的好选择。我们提出了一种新颖的嵌入方法Test2VEC,该方法将测试执行映射到潜在空间。我们在测试案例的优先级(TP)任务中评估了此表示形式。我们的默认TP方法基于嵌入式向量与历史失败测试向量的相似性。我们还根据测试向量的多样性研究了一种替代方案。最后,我们提出了一种决定给定测试套件的方法,以决定选择哪种TP。该实验基于几个真实和种子故障,具有超过一百万个执行痕迹。结果表明,就第一个失败测试案例(FFR)的中位数等级而言,我们提议的TP将最佳替代品提高了41.80%。就中位数APFD和中位数归一化FFR而言,它的表现优于传统代码覆盖范围的方法25.05%和59.25%。
translated by 谷歌翻译
在本文中,我们解决了深入学习的软件漏洞自动修复问题。数据驱动漏洞修复的主要问题是已知确认漏洞的少数现有数据集仅由几千例组成。然而,培训深度学习模型通常需要数十万例的例子。在这项工作中,我们利用了错误修复任务和漏洞修复任务的直觉相关,并且可以传输来自错误修复的知识可以传输到修复漏洞。在机器学习界中,这种技术称为转移学习。在本文中,我们提出了一种修复名为Vreepair的安全漏洞的方法,该方法是基于转移学习。 vreepair首先在大型错误修复语料库上培训,然后在漏洞修复数据集上调整,这是一个较小的数量级。在我们的实验中,我们表明,仅在错误修复语料库上培训的模型可能已经修复了一些漏洞。然后,我们证明转移学习改善了修复易受攻击的C功能的能力。我们还表明,转移学习模型比具有去噪任务训练的模型更好,并在漏洞固定任务上进行微调。总而言之,本文表明,与在小型数据集上的学习相比,转移学习适用于修复C中的安全漏洞。
translated by 谷歌翻译
图形神经网络已被证明可以为各种软件工程任务产生令人印象深刻的结果。但是,现有技术仍然有两个问题:(1)长期依赖性和(2)不同的代码组件在不应该的情况下被视为平等。为了解决这些问题,我们提出了一种表示代码为层次结构(代码层次结构)的方法,其中不同的代码组件在各个粒度级别分别表示。然后,为了处理每个表示级别的表示,我们设计了一个新颖的网络体系结构Echelon,它结合了异质图形变压器网络和基于树的卷积神经网络的优势,以学习具有代码依赖性信息丰富的抽象语法树。我们还提出了一个新颖的预处理目标,称为缺失子树预测以补充我们的代码层次结构。评估结果表明,我们的方法在三个任务中大大优于其他基准:任何代码完成,代码分类和代码克隆检测。
translated by 谷歌翻译
在过去的几年中,使用机器学习的编程语言处理(PLP)取得了广泛的改进。越来越多的人有兴趣探索这个有前途的领域。但是,对于新的研究人员和开发人员来说,要找到合适的组件来构建自己的机器学习管道,鉴于要解决的多样化的PLP任务,已发布大量数据集和模型,以及一组复杂的编译器或工具。涉及。为了改善机器学习组件的可发现性,可访问性,互操作性和可重复性(公平性),我们在基于机器学习的PLP领域中收集和分析了一组代表性论文。然后,我们确定并表征关键概念,包括PLP任务,模型架构和支持工具。最后,我们展示了一些利用可重复使用的组件来构建机器学习管道以解决一组PLP任务的例子。
translated by 谷歌翻译
As the complexity of modern software continues to escalate, software engineering has become an increasingly daunting and error-prone endeavor. In recent years, the field of Neural Code Intelligence (NCI) has emerged as a promising solution, leveraging the power of deep learning techniques to tackle analytical tasks on source code with the goal of improving programming efficiency and minimizing human errors within the software industry. Pretrained language models have become a dominant force in NCI research, consistently delivering state-of-the-art results across a wide range of tasks, including code summarization, generation, and translation. In this paper, we present a comprehensive survey of the NCI domain, including a thorough review of pretraining techniques, tasks, datasets, and model architectures. We hope this paper will serve as a bridge between the natural language and programming language communities, offering insights for future research in this rapidly evolving field.
translated by 谷歌翻译
NLP是与计算机或机器理解和解释人类语言的能力有关的人工智能和机器学习的一种形式。语言模型在文本分析和NLP中至关重要,因为它们允许计算机解释定性输入并将其转换为可以在其他任务中使用的定量数据。从本质上讲,在转移学习的背景下,语言模型通常在大型通用语料库上进行培训,称为预训练阶段,然后对特定的基本任务进行微调。结果,预训练的语言模型主要用作基线模型,该模型包含了对上下文的广泛掌握,并且可以进一步定制以在新的NLP任务中使用。大多数预训练的模型都经过来自Twitter,Newswire,Wikipedia和Web等通用领域的Corpora培训。在一般文本中训练的现成的NLP模型可能在专业领域效率低下且不准确。在本文中,我们提出了一个名为Securebert的网络安全语言模型,该模型能够捕获网络安全域中的文本含义,因此可以进一步用于自动化,用于许多重要的网络安全任务,否则这些任务将依靠人类的专业知识和繁琐的手动努力。 Securebert受到了我们从网络安全和一般计算域的各种来源收集和预处理的大量网络安全文本培训。使用我们提出的令牌化和模型权重调整的方法,Securebert不仅能够保留对一般英语的理解,因为大多数预训练的语言模型都可以做到,而且在应用于具有网络安全含义的文本时也有效。
translated by 谷歌翻译